Limiting Data Access


How can I set up a table with information from X clients while only allowing clients to view their own data?

For example, imagine my table has data from company A, company B, and company C. How can I make it such that company A only sees their own data, without seeing company B or C's data in the application?

The simple way is to use The personalization feature for lists. The more custom way is to use the $[sys_user] system variable, and combine that with the visibility property.

You can also make separate apps based on user type, one for the admin, one for the clients.

hi @Luis-b6af, this is a pretty complex app to build off the bat, but it is possible. First I'd build the app and get it working as if it was for one customer, then you can add the filters necessary to show data only for the right customer. In other words, start with an MVP get something working and then expand on it. The simplest option at that point is to copy and paste the workbook for each customer; this is a maintenance problem and data aggregation problem but an easy way to test if it works with two or three customers.

When you go to expand it to multiple customers (in the same workbook) here are some ideas:

  • First of all, all the contacts from all the customers (A-n) will have to be invited by you to the same team (regardless if you have one app or multiple apps in a workbook), which may not be a problem if they all know you but don't need to know each other (you can obscure access in the app.
  • Unless you create separate apps for each customer, you will depend on hiding fields or filters. Filters are preferable as they pull just the right data, hiding fields is not a secrecy mechanism just a client side display mechanism so don't depend on it to preserve secrecy.

Here is a very simple app that does what I think you are looking to do:

  • Create a Customers table
    as simple as this; obviously you will want to add more fields later

  • Create a Contacts table
    where you store [Name, Customer, Phone, Email, etc.]. Notice that Name is of type Contact, and Customer is of type Rowling to Customers table above.

  • Create an Orders table
    where you store the orders for all Customers. This table will have the following fields: [OrderName, Customer, OrderDate, etc...]. Note that Customer is of Type Rowlink to Customers table above.

  • Orders Screen Local Variables
    On the Order screen add two DataCell as local Variable (not Shared). The first one is CurrentUser, the second one CurrentCustomer. You can make these invisible later if you want, but set them as follows for CurrentUser and CurrentCustomer respectively:
    These will serve as your local variables and can be used in filtering lists on this page for orders pertaining to this customer only.

  • Orders List
    On the same screen ad a Column List and set its Data Source to Orders (because you will want to show orders) and show all the fields for now (you can customize later. This will look like this:

    And produce a list that by default shows all the Orders (in our case 3 orders), we'll customize this with a filter next.

  • Filter the Orders for the specific Customer only
    Click on the List block itself (right on the List tab) and then in the properties change the Set Source from "=Orders" to =FILTER(Orders,"Orders[Customer]=%",$[CurrentCompany]) This will now show only the orders belonging to this company.

  • The final screen will look like this (notice that only the Orders for Customer A are shown):

That's it. Now you will have to use this pattern for any other entity you want to "segregate" by Customer. Say you want to track Assets, or Expenses, or whatever else by Company, you will have to do the same thing.

Good luck, I hope this gets you started.


1 Like